npm - @simplewebauthn/server - Versions diffs - 7.4.0 → 8.0.0 - Mend

@simplewebauthn/server 7.4.0 → 8.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (343) hide show

package/script/helpers/iso/isoCrypto/getRandomValues.js ADDED Viewed

@@ -0,0 +1,15 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getRandomValues = void 0;
+const getWebCrypto_js_1 = require("./getWebCrypto.js");
+/**
+ * Fill up the provided bytes array with random bytes equal to its length.
+ *
+ * @returns the same bytes array passed into the method
+ */
+async function getRandomValues(array) {
+    const WebCrypto = await (0, getWebCrypto_js_1.getWebCrypto)();
+    WebCrypto.getRandomValues(array);
+    return array;
+}
+exports.getRandomValues = getRandomValues;

package/script/helpers/iso/isoCrypto/getWebCrypto.d.ts ADDED Viewed

@@ -0,0 +1,6 @@
+import type { Crypto } from '../../../deps.js';
+/**
+ * Try to get an instance of the Crypto API from the current runtime. Should support Node,
+ * as well as others, like Deno, that implement Web APIs.
+ */
+export declare function getWebCrypto(): Promise<Crypto>;

package/script/helpers/iso/isoCrypto/getWebCrypto.js ADDED Viewed

@@ -0,0 +1,44 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getWebCrypto = void 0;
+let webCrypto = undefined;
+/**
+ * Try to get an instance of the Crypto API from the current runtime. Should support Node,
+ * as well as others, like Deno, that implement Web APIs.
+ */
+async function getWebCrypto() {
+    if (webCrypto) {
+        return webCrypto;
+    }
+    try {
+        /**
+         * Naively attempt a Node import...
+         */
+        // @ts-ignore: We'll handle any errors...
+        // dnt-shim-ignore
+        const _crypto = await require('node:crypto');
+        webCrypto = _crypto.webcrypto;
+    }
+    catch (_err) {
+        /**
+         * Naively attempt to access Crypto as a global object, which popular alternative run-times
+         * support.
+         */
+        // @ts-ignore: ...right here.
+        const _crypto = globalThis.crypto;
+        if (!_crypto) {
+            // We tried to access it both in Node and globally, so bail out
+            throw new MissingWebCrypto();
+        }
+        webCrypto = _crypto;
+    }
+    return webCrypto;
+}
+exports.getWebCrypto = getWebCrypto;
+class MissingWebCrypto extends Error {
+    constructor() {
+        const message = 'An instance of the Crypto API could not be located';
+        super(message);
+        this.name = 'MissingWebCrypto';
+    }
+}

package/script/helpers/iso/isoCrypto/importKey.d.ts ADDED Viewed

@@ -0,0 +1,4 @@
+export declare function importKey(opts: {
+    keyData: JsonWebKey;
+    algorithm: AlgorithmIdentifier | RsaHashedImportParams | EcKeyImportParams;
+}): Promise<CryptoKey>;

package/script/helpers/iso/isoCrypto/importKey.js ADDED Viewed

@@ -0,0 +1,12 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.importKey = void 0;
+const getWebCrypto_js_1 = require("./getWebCrypto.js");
+async function importKey(opts) {
+    const WebCrypto = await (0, getWebCrypto_js_1.getWebCrypto)();
+    const { keyData, algorithm } = opts;
+    return WebCrypto.subtle.importKey('jwk', keyData, algorithm, false, [
+        'verify',
+    ]);
+}
+exports.importKey = importKey;

package/script/helpers/iso/isoCrypto/index.d.ts ADDED Viewed

@@ -0,0 +1,3 @@
+export { digest } from './digest.js';
+export { getRandomValues } from './getRandomValues.js';
+export { verify } from './verify.js';

package/{dist → script}/helpers/iso/isoCrypto/index.js RENAMED Viewed

@@ -1,10 +1,9 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.verify = exports.getRandomValues = exports.digest = void 0;
-var digest_1 = require("./digest");
-Object.defineProperty(exports, "digest", { enumerable: true, get: function () { return digest_1.digest; } });
-var getRandomValues_1 = require("./getRandomValues");
-Object.defineProperty(exports, "getRandomValues", { enumerable: true, get: function () { return getRandomValues_1.getRandomValues; } });
-var verify_1 = require("./verify");
-Object.defineProperty(exports, "verify", { enumerable: true, get: function () { return verify_1.verify; } });
-//# sourceMappingURL=index.js.map
+var digest_js_1 = require("./digest.js");
+Object.defineProperty(exports, "digest", { enumerable: true, get: function () { return digest_js_1.digest; } });
+var getRandomValues_js_1 = require("./getRandomValues.js");
+Object.defineProperty(exports, "getRandomValues", { enumerable: true, get: function () { return getRandomValues_js_1.getRandomValues; } });
+var verify_js_1 = require("./verify.js");
+Object.defineProperty(exports, "verify", { enumerable: true, get: function () { return verify_js_1.verify; } });

package/script/helpers/iso/isoCrypto/mapCoseAlgToWebCryptoAlg.d.ts ADDED Viewed

@@ -0,0 +1,6 @@
+import { SubtleCryptoAlg } from './structs.js';
+import { COSEALG } from '../../cose.js';
+/**
+ * Convert a COSE alg ID into a corresponding string value that WebCrypto APIs expect
+ */
+export declare function mapCoseAlgToWebCryptoAlg(alg: COSEALG): SubtleCryptoAlg;

package/{dist → script}/helpers/iso/isoCrypto/mapCoseAlgToWebCryptoAlg.js RENAMED Viewed

@@ -1,24 +1,24 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.mapCoseAlgToWebCryptoAlg = void 0;
-const cose_1 = require("../../cose");
+const cose_js_1 = require("../../cose.js");
 /**
  * Convert a COSE alg ID into a corresponding string value that WebCrypto APIs expect
  */
 function mapCoseAlgToWebCryptoAlg(alg) {
-    if ([cose_1.COSEALG.RS1].indexOf(alg) >= 0) {
+    if ([cose_js_1.COSEALG.RS1].indexOf(alg) >= 0) {
         return 'SHA-1';
     }
-    else if ([cose_1.COSEALG.ES256, cose_1.COSEALG.PS256, cose_1.COSEALG.RS256].indexOf(alg) >= 0) {
+    else if ([cose_js_1.COSEALG.ES256, cose_js_1.COSEALG.PS256, cose_js_1.COSEALG.RS256].indexOf(alg) >= 0) {
         return 'SHA-256';
     }
-    else if ([cose_1.COSEALG.ES384, cose_1.COSEALG.PS384, cose_1.COSEALG.RS384].indexOf(alg) >= 0) {
+    else if ([cose_js_1.COSEALG.ES384, cose_js_1.COSEALG.PS384, cose_js_1.COSEALG.RS384].indexOf(alg) >= 0) {
         return 'SHA-384';
     }
-    else if ([cose_1.COSEALG.ES512, cose_1.COSEALG.PS512, cose_1.COSEALG.RS512, cose_1.COSEALG.EdDSA].indexOf(alg) >= 0) {
+    else if ([cose_js_1.COSEALG.ES512, cose_js_1.COSEALG.PS512, cose_js_1.COSEALG.RS512, cose_js_1.COSEALG.EdDSA].indexOf(alg) >=
+        0) {
         return 'SHA-512';
     }
     throw new Error(`Could not map COSE alg value of ${alg} to a WebCrypto alg`);
 }
 exports.mapCoseAlgToWebCryptoAlg = mapCoseAlgToWebCryptoAlg;
-//# sourceMappingURL=mapCoseAlgToWebCryptoAlg.js.map

package/script/helpers/iso/isoCrypto/mapCoseAlgToWebCryptoKeyAlgName.d.ts ADDED Viewed

@@ -0,0 +1,6 @@
+import { COSEALG } from '../../cose.js';
+import { SubtleCryptoKeyAlgName } from './structs.js';
+/**
+ * Convert a COSE alg ID into a corresponding key algorithm string value that WebCrypto APIs expect
+ */
+export declare function mapCoseAlgToWebCryptoKeyAlgName(alg: COSEALG): SubtleCryptoKeyAlgName;

package/{dist → script}/helpers/iso/isoCrypto/mapCoseAlgToWebCryptoKeyAlgName.js RENAMED Viewed

@@ -1,24 +1,23 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.mapCoseAlgToWebCryptoKeyAlgName = void 0;
-const cose_1 = require("../../cose");
+const cose_js_1 = require("../../cose.js");
 /**
  * Convert a COSE alg ID into a corresponding key algorithm string value that WebCrypto APIs expect
  */
 function mapCoseAlgToWebCryptoKeyAlgName(alg) {
-    if ([cose_1.COSEALG.EdDSA].indexOf(alg) >= 0) {
+    if ([cose_js_1.COSEALG.EdDSA].indexOf(alg) >= 0) {
         return 'Ed25519';
     }
-    else if ([cose_1.COSEALG.ES256, cose_1.COSEALG.ES384, cose_1.COSEALG.ES512, cose_1.COSEALG.ES256K].indexOf(alg) >= 0) {
+    else if ([cose_js_1.COSEALG.ES256, cose_js_1.COSEALG.ES384, cose_js_1.COSEALG.ES512, cose_js_1.COSEALG.ES256K].indexOf(alg) >= 0) {
         return 'ECDSA';
     }
-    else if ([cose_1.COSEALG.RS256, cose_1.COSEALG.RS384, cose_1.COSEALG.RS512, cose_1.COSEALG.RS1].indexOf(alg) >= 0) {
+    else if ([cose_js_1.COSEALG.RS256, cose_js_1.COSEALG.RS384, cose_js_1.COSEALG.RS512, cose_js_1.COSEALG.RS1].indexOf(alg) >= 0) {
         return 'RSASSA-PKCS1-v1_5';
     }
-    else if ([cose_1.COSEALG.PS256, cose_1.COSEALG.PS384, cose_1.COSEALG.PS512].indexOf(alg) >= 0) {
+    else if ([cose_js_1.COSEALG.PS256, cose_js_1.COSEALG.PS384, cose_js_1.COSEALG.PS512].indexOf(alg) >= 0) {
         return 'RSA-PSS';
     }
     throw new Error(`Could not map COSE alg value of ${alg} to a WebCrypto key alg name`);
 }
 exports.mapCoseAlgToWebCryptoKeyAlgName = mapCoseAlgToWebCryptoKeyAlgName;
-//# sourceMappingURL=mapCoseAlgToWebCryptoKeyAlgName.js.map

package/script/helpers/iso/isoCrypto/structs.d.ts ADDED Viewed

@@ -0,0 +1,3 @@
+export type SubtleCryptoAlg = 'SHA-1' | 'SHA-256' | 'SHA-384' | 'SHA-512';
+export type SubtleCryptoCrv = 'P-256' | 'P-384' | 'P-521' | 'Ed25519';
+export type SubtleCryptoKeyAlgName = 'ECDSA' | 'Ed25519' | 'RSASSA-PKCS1-v1_5' | 'RSA-PSS';

package/{dist → script}/helpers/iso/isoCrypto/structs.js RENAMED Viewed

@@ -1,3 +1,2 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-//# sourceMappingURL=structs.js.map

package/script/helpers/iso/isoCrypto/unwrapEC2Signature.d.ts ADDED Viewed

@@ -0,0 +1,6 @@
+/**
+ * In WebAuthn, EC2 signatures are wrapped in ASN.1 structure so we need to peel r and s apart.
+ *
+ * See https://www.w3.org/TR/webauthn-2/#sctn-signature-attestation-types
+ */
+export declare function unwrapEC2Signature(signature: Uint8Array): Uint8Array;

package/{dist → script}/helpers/iso/isoCrypto/unwrapEC2Signature.js RENAMED Viewed

@@ -1,16 +1,15 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.unwrapEC2Signature = void 0;
-const asn1_ecc_1 = require("@peculiar/asn1-ecc");
-const asn1_schema_1 = require("@peculiar/asn1-schema");
-const __1 = require("../");
+const deps_js_1 = require("../../../deps.js");
+const index_js_1 = require("../index.js");
 /**
  * In WebAuthn, EC2 signatures are wrapped in ASN.1 structure so we need to peel r and s apart.
  *
  * See https://www.w3.org/TR/webauthn-2/#sctn-signature-attestation-types
  */
 function unwrapEC2Signature(signature) {
-    const parsedSignature = asn1_schema_1.AsnParser.parse(signature, asn1_ecc_1.ECDSASigValue);
+    const parsedSignature = deps_js_1.AsnParser.parse(signature, deps_js_1.ECDSASigValue);
     let rBytes = new Uint8Array(parsedSignature.r);
     let sBytes = new Uint8Array(parsedSignature.s);
     if (shouldRemoveLeadingZero(rBytes)) {
@@ -19,7 +18,7 @@ function unwrapEC2Signature(signature) {
     if (shouldRemoveLeadingZero(sBytes)) {
         sBytes = sBytes.slice(1);
     }
-    const finalSignature = __1.isoUint8Array.concat([rBytes, sBytes]);
+    const finalSignature = index_js_1.isoUint8Array.concat([rBytes, sBytes]);
     return finalSignature;
 }
 exports.unwrapEC2Signature = unwrapEC2Signature;
@@ -33,4 +32,3 @@ exports.unwrapEC2Signature = unwrapEC2Signature;
 function shouldRemoveLeadingZero(bytes) {
     return bytes[0] === 0x0 && (bytes[1] & (1 << 7)) !== 0;
 }
-//# sourceMappingURL=unwrapEC2Signature.js.map

package/script/helpers/iso/isoCrypto/verify.d.ts ADDED Viewed

@@ -0,0 +1,10 @@
+import { COSEALG, COSEPublicKey } from '../../cose.js';
+/**
+ * Verify signatures with their public key. Supports EC2 and RSA public keys.
+ */
+export declare function verify(opts: {
+    cosePublicKey: COSEPublicKey;
+    signature: Uint8Array;
+    data: Uint8Array;
+    shaHashOverride?: COSEALG;
+}): Promise<boolean>;

package/script/helpers/iso/isoCrypto/verify.js ADDED Viewed

@@ -0,0 +1,32 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.verify = void 0;
+const cose_js_1 = require("../../cose.js");
+const verifyEC2_js_1 = require("./verifyEC2.js");
+const verifyRSA_js_1 = require("./verifyRSA.js");
+const verifyOKP_js_1 = require("./verifyOKP.js");
+const unwrapEC2Signature_js_1 = require("./unwrapEC2Signature.js");
+/**
+ * Verify signatures with their public key. Supports EC2 and RSA public keys.
+ */
+function verify(opts) {
+    const { cosePublicKey, signature, data, shaHashOverride } = opts;
+    if ((0, cose_js_1.isCOSEPublicKeyEC2)(cosePublicKey)) {
+        const unwrappedSignature = (0, unwrapEC2Signature_js_1.unwrapEC2Signature)(signature);
+        return (0, verifyEC2_js_1.verifyEC2)({
+            cosePublicKey,
+            signature: unwrappedSignature,
+            data,
+            shaHashOverride,
+        });
+    }
+    else if ((0, cose_js_1.isCOSEPublicKeyRSA)(cosePublicKey)) {
+        return (0, verifyRSA_js_1.verifyRSA)({ cosePublicKey, signature, data, shaHashOverride });
+    }
+    else if ((0, cose_js_1.isCOSEPublicKeyOKP)(cosePublicKey)) {
+        return (0, verifyOKP_js_1.verifyOKP)({ cosePublicKey, signature, data });
+    }
+    const kty = cosePublicKey.get(cose_js_1.COSEKEYS.kty);
+    throw new Error(`Signature verification with public key of kty ${kty} is not supported by this method`);
+}
+exports.verify = verify;

package/script/helpers/iso/isoCrypto/verifyEC2.d.ts ADDED Viewed

@@ -0,0 +1,10 @@
+import { COSEALG, COSEPublicKeyEC2 } from '../../cose.js';
+/**
+ * Verify a signature using an EC2 public key
+ */
+export declare function verifyEC2(opts: {
+    cosePublicKey: COSEPublicKeyEC2;
+    signature: Uint8Array;
+    data: Uint8Array;
+    shaHashOverride?: COSEALG;
+}): Promise<boolean>;

package/{dist → script}/helpers/iso/isoCrypto/verifyEC2.js RENAMED Viewed

@@ -1,24 +1,22 @@
 "use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.verifyEC2 = void 0;
-const iso_webcrypto_1 = __importDefault(require("@simplewebauthn/iso-webcrypto"));
-const cose_1 = require("../../cose");
-const mapCoseAlgToWebCryptoAlg_1 = require("./mapCoseAlgToWebCryptoAlg");
-const importKey_1 = require("./importKey");
-const index_1 = require("../index");
+const cose_js_1 = require("../../cose.js");
+const mapCoseAlgToWebCryptoAlg_js_1 = require("./mapCoseAlgToWebCryptoAlg.js");
+const importKey_js_1 = require("./importKey.js");
+const index_js_1 = require("../index.js");
+const getWebCrypto_js_1 = require("./getWebCrypto.js");
 /**
  * Verify a signature using an EC2 public key
  */
 async function verifyEC2(opts) {
     const { cosePublicKey, signature, data, shaHashOverride } = opts;
+    const WebCrypto = await (0, getWebCrypto_js_1.getWebCrypto)();
     // Import the public key
-    const alg = cosePublicKey.get(cose_1.COSEKEYS.alg);
-    const crv = cosePublicKey.get(cose_1.COSEKEYS.crv);
-    const x = cosePublicKey.get(cose_1.COSEKEYS.x);
-    const y = cosePublicKey.get(cose_1.COSEKEYS.y);
+    const alg = cosePublicKey.get(cose_js_1.COSEKEYS.alg);
+    const crv = cosePublicKey.get(cose_js_1.COSEKEYS.crv);
+    const x = cosePublicKey.get(cose_js_1.COSEKEYS.x);
+    const y = cosePublicKey.get(cose_js_1.COSEKEYS.y);
     if (!alg) {
         throw new Error('Public key was missing alg (EC2)');
     }
@@ -32,13 +30,13 @@ async function verifyEC2(opts) {
         throw new Error('Public key was missing y (EC2)');
     }
     let _crv;
-    if (crv === cose_1.COSECRV.P256) {
+    if (crv === cose_js_1.COSECRV.P256) {
         _crv = 'P-256';
     }
-    else if (crv === cose_1.COSECRV.P384) {
+    else if (crv === cose_js_1.COSECRV.P384) {
         _crv = 'P-384';
     }
-    else if (crv === cose_1.COSECRV.P521) {
+    else if (crv === cose_js_1.COSECRV.P521) {
         _crv = 'P-521';
     }
     else {
@@ -47,8 +45,8 @@ async function verifyEC2(opts) {
     const keyData = {
         kty: 'EC',
         crv: _crv,
-        x: index_1.isoBase64URL.fromBuffer(x),
-        y: index_1.isoBase64URL.fromBuffer(y),
+        x: index_js_1.isoBase64URL.fromBuffer(x),
+        y: index_js_1.isoBase64URL.fromBuffer(y),
         ext: false,
     };
     const keyAlgorithm = {
@@ -61,20 +59,19 @@ async function verifyEC2(opts) {
         name: 'ECDSA',
         namedCurve: _crv,
     };
-    const key = await (0, importKey_1.importKey)({
+    const key = await (0, importKey_js_1.importKey)({
         keyData,
         algorithm: keyAlgorithm,
     });
     // Determine which SHA algorithm to use for signature verification
-    let subtleAlg = (0, mapCoseAlgToWebCryptoAlg_1.mapCoseAlgToWebCryptoAlg)(alg);
+    let subtleAlg = (0, mapCoseAlgToWebCryptoAlg_js_1.mapCoseAlgToWebCryptoAlg)(alg);
     if (shaHashOverride) {
-        subtleAlg = (0, mapCoseAlgToWebCryptoAlg_1.mapCoseAlgToWebCryptoAlg)(shaHashOverride);
+        subtleAlg = (0, mapCoseAlgToWebCryptoAlg_js_1.mapCoseAlgToWebCryptoAlg)(shaHashOverride);
     }
     const verifyAlgorithm = {
         name: 'ECDSA',
         hash: { name: subtleAlg },
     };
-    return iso_webcrypto_1.default.subtle.verify(verifyAlgorithm, key, signature, data);
+    return WebCrypto.subtle.verify(verifyAlgorithm, key, signature, data);
 }
 exports.verifyEC2 = verifyEC2;
-//# sourceMappingURL=verifyEC2.js.map

package/script/helpers/iso/isoCrypto/verifyOKP.d.ts ADDED Viewed

@@ -0,0 +1,6 @@
+import { COSEPublicKeyOKP } from '../../cose.js';
+export declare function verifyOKP(opts: {
+    cosePublicKey: COSEPublicKeyOKP;
+    signature: Uint8Array;
+    data: Uint8Array;
+}): Promise<boolean>;

package/{dist → script}/helpers/iso/isoCrypto/verifyOKP.js RENAMED Viewed

@@ -1,22 +1,20 @@
 "use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.verifyOKP = void 0;
-const iso_webcrypto_1 = __importDefault(require("@simplewebauthn/iso-webcrypto"));
-const cose_1 = require("../../cose");
-const index_1 = require("../../index");
-const importKey_1 = require("./importKey");
+const cose_js_1 = require("../../cose.js");
+const index_js_1 = require("../../index.js");
+const importKey_js_1 = require("./importKey.js");
+const getWebCrypto_js_1 = require("./getWebCrypto.js");
 async function verifyOKP(opts) {
     const { cosePublicKey, signature, data } = opts;
-    const alg = cosePublicKey.get(cose_1.COSEKEYS.alg);
-    const crv = cosePublicKey.get(cose_1.COSEKEYS.crv);
-    const x = cosePublicKey.get(cose_1.COSEKEYS.x);
+    const WebCrypto = await (0, getWebCrypto_js_1.getWebCrypto)();
+    const alg = cosePublicKey.get(cose_js_1.COSEKEYS.alg);
+    const crv = cosePublicKey.get(cose_js_1.COSEKEYS.crv);
+    const x = cosePublicKey.get(cose_js_1.COSEKEYS.x);
     if (!alg) {
         throw new Error('Public key was missing alg (OKP)');
     }
-    if (!(0, cose_1.isCOSEAlg)(alg)) {
+    if (!(0, cose_js_1.isCOSEAlg)(alg)) {
         throw new Error(`Public key had invalid alg ${alg} (OKP)`);
     }
     if (!crv) {
@@ -28,7 +26,7 @@ async function verifyOKP(opts) {
     // Pulled key import steps from here:
     // https://wicg.github.io/webcrypto-secure-curves/#ed25519-operations
     let _crv;
-    if (crv === cose_1.COSECRV.ED25519) {
+    if (crv === cose_js_1.COSECRV.ED25519) {
         _crv = 'Ed25519';
     }
     else {
@@ -38,21 +36,20 @@ async function verifyOKP(opts) {
         kty: 'OKP',
         crv: _crv,
         alg: 'EdDSA',
-        x: index_1.isoBase64URL.fromBuffer(x),
+        x: index_js_1.isoBase64URL.fromBuffer(x),
         ext: false,
     };
     const keyAlgorithm = {
         name: _crv,
         namedCurve: _crv,
     };
-    const key = await (0, importKey_1.importKey)({
+    const key = await (0, importKey_js_1.importKey)({
         keyData,
         algorithm: keyAlgorithm,
     });
     const verifyAlgorithm = {
         name: _crv,
     };
-    return iso_webcrypto_1.default.subtle.verify(verifyAlgorithm, key, signature, data);
+    return WebCrypto.subtle.verify(verifyAlgorithm, key, signature, data);
 }
 exports.verifyOKP = verifyOKP;
-//# sourceMappingURL=verifyOKP.js.map

package/script/helpers/iso/isoCrypto/verifyRSA.d.ts ADDED Viewed

@@ -0,0 +1,10 @@
+import { COSEALG, COSEPublicKeyRSA } from '../../cose.js';
+/**
+ * Verify a signature using an RSA public key
+ */
+export declare function verifyRSA(opts: {
+    cosePublicKey: COSEPublicKeyRSA;
+    signature: Uint8Array;
+    data: Uint8Array;
+    shaHashOverride?: COSEALG;
+}): Promise<boolean>;

package/{dist → script}/helpers/iso/isoCrypto/verifyRSA.js RENAMED Viewed

@@ -1,27 +1,25 @@
 "use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.verifyRSA = void 0;
-const iso_webcrypto_1 = __importDefault(require("@simplewebauthn/iso-webcrypto"));
-const cose_1 = require("../../cose");
-const mapCoseAlgToWebCryptoAlg_1 = require("./mapCoseAlgToWebCryptoAlg");
-const importKey_1 = require("./importKey");
-const index_1 = require("../index");
-const mapCoseAlgToWebCryptoKeyAlgName_1 = require("./mapCoseAlgToWebCryptoKeyAlgName");
+const cose_js_1 = require("../../cose.js");
+const mapCoseAlgToWebCryptoAlg_js_1 = require("./mapCoseAlgToWebCryptoAlg.js");
+const importKey_js_1 = require("./importKey.js");
+const index_js_1 = require("../index.js");
+const mapCoseAlgToWebCryptoKeyAlgName_js_1 = require("./mapCoseAlgToWebCryptoKeyAlgName.js");
+const getWebCrypto_js_1 = require("./getWebCrypto.js");
 /**
  * Verify a signature using an RSA public key
  */
 async function verifyRSA(opts) {
     const { cosePublicKey, signature, data, shaHashOverride } = opts;
-    const alg = cosePublicKey.get(cose_1.COSEKEYS.alg);
-    const n = cosePublicKey.get(cose_1.COSEKEYS.n);
-    const e = cosePublicKey.get(cose_1.COSEKEYS.e);
+    const WebCrypto = await (0, getWebCrypto_js_1.getWebCrypto)();
+    const alg = cosePublicKey.get(cose_js_1.COSEKEYS.alg);
+    const n = cosePublicKey.get(cose_js_1.COSEKEYS.n);
+    const e = cosePublicKey.get(cose_js_1.COSEKEYS.e);
     if (!alg) {
         throw new Error('Public key was missing alg (RSA)');
     }
-    if (!(0, cose_1.isCOSEAlg)(alg)) {
+    if (!(0, cose_js_1.isCOSEAlg)(alg)) {
         throw new Error(`Public key had invalid alg ${alg} (RSA)`);
     }
     if (!n) {
@@ -33,19 +31,19 @@ async function verifyRSA(opts) {
     const keyData = {
         kty: 'RSA',
         alg: '',
-        n: index_1.isoBase64URL.fromBuffer(n),
-        e: index_1.isoBase64URL.fromBuffer(e),
+        n: index_js_1.isoBase64URL.fromBuffer(n),
+        e: index_js_1.isoBase64URL.fromBuffer(e),
         ext: false,
     };
     const keyAlgorithm = {
-        name: (0, mapCoseAlgToWebCryptoKeyAlgName_1.mapCoseAlgToWebCryptoKeyAlgName)(alg),
-        hash: { name: (0, mapCoseAlgToWebCryptoAlg_1.mapCoseAlgToWebCryptoAlg)(alg) },
+        name: (0, mapCoseAlgToWebCryptoKeyAlgName_js_1.mapCoseAlgToWebCryptoKeyAlgName)(alg),
+        hash: { name: (0, mapCoseAlgToWebCryptoAlg_js_1.mapCoseAlgToWebCryptoAlg)(alg) },
     };
     const verifyAlgorithm = {
-        name: (0, mapCoseAlgToWebCryptoKeyAlgName_1.mapCoseAlgToWebCryptoKeyAlgName)(alg),
+        name: (0, mapCoseAlgToWebCryptoKeyAlgName_js_1.mapCoseAlgToWebCryptoKeyAlgName)(alg),
     };
     if (shaHashOverride) {
-        keyAlgorithm.hash.name = (0, mapCoseAlgToWebCryptoAlg_1.mapCoseAlgToWebCryptoAlg)(shaHashOverride);
+        keyAlgorithm.hash.name = (0, mapCoseAlgToWebCryptoAlg_js_1.mapCoseAlgToWebCryptoAlg)(shaHashOverride);
     }
     if (keyAlgorithm.name === 'RSASSA-PKCS1-v1_5') {
         if (keyAlgorithm.hash.name === 'SHA-256') {
@@ -88,11 +86,10 @@ async function verifyRSA(opts) {
     else {
         throw new Error(`Unexpected RSA key algorithm ${alg} (${keyAlgorithm.name})`);
     }
-    const key = await (0, importKey_1.importKey)({
+    const key = await (0, importKey_js_1.importKey)({
         keyData,
         algorithm: keyAlgorithm,
     });
-    return iso_webcrypto_1.default.subtle.verify(verifyAlgorithm, key, signature, data);
+    return WebCrypto.subtle.verify(verifyAlgorithm, key, signature, data);
 }
 exports.verifyRSA = verifyRSA;
-//# sourceMappingURL=verifyRSA.js.map

package/script/helpers/iso/isoUint8Array.d.ts ADDED Viewed

@@ -0,0 +1,36 @@
+/**
+ * Make sure two Uint8Arrays are deeply equivalent
+ */
+export declare function areEqual(array1: Uint8Array, array2: Uint8Array): boolean;
+/**
+ * Convert a Uint8Array to Hexadecimal.
+ *
+ * A replacement for `Buffer.toString('hex')`
+ */
+export declare function toHex(array: Uint8Array): string;
+/**
+ * Convert a hexadecimal string to isoUint8Array.
+ *
+ * A replacement for `Buffer.from('...', 'hex')`
+ */
+export declare function fromHex(hex: string): Uint8Array;
+/**
+ * Combine multiple Uint8Arrays into a single Uint8Array
+ */
+export declare function concat(arrays: Uint8Array[]): Uint8Array;
+/**
+ * Convert bytes into a UTF-8 string
+ */
+export declare function toUTF8String(array: Uint8Array): string;
+/**
+ * Convert a UTF-8 string back into bytes
+ */
+export declare function fromUTF8String(utf8String: string): Uint8Array;
+/**
+ * Convert an ASCII string to Uint8Array
+ */
+export declare function fromASCIIString(value: string): Uint8Array;
+/**
+ * Prepare a DataView we can slice our way around in as we parse the bytes in a Uint8Array
+ */
+export declare function toDataView(array: Uint8Array): DataView;

package/{dist → script}/helpers/iso/isoUint8Array.js RENAMED Viewed

@@ -17,7 +17,7 @@ exports.areEqual = areEqual;
  * A replacement for `Buffer.toString('hex')`
  */
 function toHex(array) {
-    const hexParts = Array.from(array, i => i.toString(16).padStart(2, '0'));
+    const hexParts = Array.from(array, (i) => i.toString(16).padStart(2, '0'));
     // adce000235bcc60a648b0b25f1f05503
     return hexParts.join('');
 }
@@ -28,16 +28,16 @@ exports.toHex = toHex;
  * A replacement for `Buffer.from('...', 'hex')`
  */
 function fromHex(hex) {
-    var _a;
     if (!hex) {
         return Uint8Array.from([]);
     }
-    const isValid = hex.length !== 0 && hex.length % 2 === 0 && !/[^a-fA-F0-9]/u.test(hex);
+    const isValid = hex.length !== 0 && hex.length % 2 === 0 &&
+        !/[^a-fA-F0-9]/u.test(hex);
     if (!isValid) {
         throw new Error('Invalid hex string');
     }
-    const byteStrings = (_a = hex.match(/.{1,2}/g)) !== null && _a !== void 0 ? _a : [];
-    return Uint8Array.from(byteStrings.map(byte => parseInt(byte, 16)));
+    const byteStrings = hex.match(/.{1,2}/g) ?? [];
+    return Uint8Array.from(byteStrings.map((byte) => parseInt(byte, 16)));
 }
 exports.fromHex = fromHex;
 /**
@@ -47,7 +47,7 @@ function concat(arrays) {
     let pointer = 0;
     const totalLength = arrays.reduce((prev, curr) => prev + curr.length, 0);
     const toReturn = new Uint8Array(totalLength);
-    arrays.forEach(arr => {
+    arrays.forEach((arr) => {
         toReturn.set(arr, pointer);
         pointer += arr.length;
     });
@@ -74,7 +74,7 @@ exports.fromUTF8String = fromUTF8String;
  * Convert an ASCII string to Uint8Array
  */
 function fromASCIIString(value) {
-    return Uint8Array.from(value.split('').map(x => x.charCodeAt(0)));
+    return Uint8Array.from(value.split('').map((x) => x.charCodeAt(0)));
 }
 exports.fromASCIIString = fromASCIIString;
 /**
@@ -84,4 +84,3 @@ function toDataView(array) {
     return new DataView(array.buffer, array.byteOffset, array.length);
 }
 exports.toDataView = toDataView;
-//# sourceMappingURL=isoUint8Array.js.map